Mobile communication networks function as effective access networks that give users access to the actual data networks for mobile data transmission. Mobile data transmission is supported particularly well by digital mobile communication systems, such as the pan-European mobile communication system GSM (Global System for Mobile Communication). In this application, the term ‘data’ refers to any information transmitted in a digital telecommunications system. Such information may comprise digitally encoded audio and/or video, inter-computer data traffic, telefax data, short sections of program code, etc. A mobile communication system generally refers to any telecommunications system which employs wireless communication when the users move within the service area of the system. A typical example of a mobile communication system is a public land mobile network PLMN. The mobile communication network is often an access network which provides the user with wireless access to external networks, hosts or services offered by specific service producers.
One of the main goals in the development of the mobile communication systems has been to offer an opportunity of using IP services via the mobile communication network so that the mobile station can also function as the host. This is possible in a general packet radio service GPRS, for example. The GPRS service provides packet data transmission between mobile data terminals and external data networks in the GSM system. To send and receive GPRS data, a mobile station has to activate the packet data address it wants to use by requesting a PDP (Packet Data Protocol) activation procedure. This operation makes the mobile station known in the corresponding gateway support node, and thus interworking with the external data networks using the activated packet data address can be initiated. Similar solutions are also being designed for the ‘third-generation mobile communication systems’, such as the UMTS (Universal Mobile Communications System) and IMT-2000 (International Mobile Telecommunications 2000).
Spoofing, i.e. forging the source address of an IP data packet, is particularly easy in IP networks. In other words, the host transmitting the IP packet may pretend to be someone else and send packets in the name of A to B, who then sends a response to A. In that case both A and B are interfered with. One solution to this problem is to use firewalls. A firewall does not, however, authenticate the user; it only monitors source and destination addresses. In a firewall, source addresses are usually specified with the accuracy of a subnetwork. Consequently, the firewall cannot know the real sender of the packet, and hosts in the same subnetwork can pass themselves off as each other. Since the source addresses allowed in the firewall have to be known in advance and the mobile station must be able to move from the area of one firewall to the area of another without changing its IP address, the allowed source addresses of the firewalls in practice cover all mobile stations which are capable of accessing a subnetwork protected by the firewall. The resulting problem is that the source address of the IP packet is not reliable, and to prevent spoofing the mobile host has to be authenticated separately. Prevention of spoofing is particularly important when IP services for which the host is charged are used. A reliable authentication procedure may, however, increase the delay in the network or waste limited resources, i.e. the air interface, in the mobile communication networks.
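The limitation described above can be seen by running the same packets through a subnetwork-accuracy filter and through a check that ties each sender to the packet data address it activated. This is an added example, not part of the original text; the station names, addresses and the `ACTIVATED` table are constructed, and it assumes the checking node knows which station a packet arrived from, which a firewall does not.

```python
import ipaddress

# Constructed sample data: one firewall rule at subnetwork accuracy, and the
# packet data address each mobile station activated (hypothetical values).
ALLOWED_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
ACTIVATED = {"ms-A": "10.20.1.5", "ms-B": "10.20.7.9"}

# Constructed packets: (true sender, claimed source address, destination).
PACKETS = [
    ("ms-A", "10.20.1.5", "192.0.2.10"),  # A uses its own address
    ("ms-B", "10.20.1.5", "192.0.2.10"),  # B sends in the name of A
    ("ms-B", "10.99.0.1", "192.0.2.10"),  # B claims an address outside the subnet
]

def subnet_filter(src):
    """Firewall view: only the claimed source address is compared to the rule."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SUBNETS)

def binding_filter(sender, src):
    """Per-sender view: the source must equal the address that sender activated."""
    return ACTIVATED.get(sender) == src

def evaluate(packets):
    """For each packet, record whether it is spoofed and which checks accept it."""
    rows = []
    for sender, src, _dst in packets:
        rows.append({
            "sender": sender,
            "src": src,
            "spoofed": ACTIVATED.get(sender) != src,
            "subnet_ok": subnet_filter(src),
            "binding_ok": binding_filter(sender, src),
        })
    return rows

def missed_spoofs(rows, check):
    """Spoofed packets that the named check still accepts."""
    return [(r["sender"], r["src"]) for r in rows if r["spoofed"] and r[check]]

if __name__ == "__main__":
    rows = evaluate(PACKETS)
    for r in rows:
        print(r)
    print("subnet filter misses:", missed_spoofs(rows, "subnet_ok"))
    print("binding check misses:", missed_spoofs(rows, "binding_ok"))
```

The subnetwork rule rejects only the out-of-range address; the packet B sends with A's in-subnet address passes it, which is the case the text says requires separate authentication of the mobile host.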